code-projects Client Details System update-clients.php sql injection
CVE-2023-7141
9.8CRITICAL
Summary
A vulnerability in the Client Details System version 1.0 allows for SQL injection through improper handling of input in the /admin/update-clients.php file. An attacker can manipulate the 'uid' argument, potentially leading to unauthorized access or exposure of sensitive information. This issue has been made public, raising concerns about its exploitation in vulnerable installations.
Affected Version(s)
Client Details System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hamdi Sevben (VulDB User)